Job Description - Cyber Threat Specialist, Threat hunting (14001942D20230626)
DISCOVER your opportunity
AXA XL has an exciting opportunity for an experienced L3 SOC analyst to join the Security Operations team. The successful candidate will be providing incident response, threat hunting, malware analysis, vulnerability assessment and cyber threat intelligence. You will have a history of successfully managing complex high severity cyber security incidents. You will have a proactive and inquisitive mindset and have the ability to analyze event data from various data sources.
What will your essential responsibilities include?
* Proactively prevent, detect and respond to Cyber Security incidents to reduce risk at AXA XL.
* Responsible for identifying, isolating, and resolving advanced threats.
* Identify new and dynamic ways to protect AXA XL against the evolving threat landscape.
* Analyze event data from various data sources: endpoint, cloud-based, and network.
* Apply knowledge of current and past malware methods, attack methodologies, and TTPs (Tactics, Techniques, Procedures) to discover anomalies and trends within data.
* Understand the Threat Hunting Maturity Model and the threat hunt process, and apply the MITRE ATT&CK framework during investigations.
* Conduct research using open and closed source intelligence sources.
* Lead in the capture of attacker techniques, indicators of compromise and objectives, and use the captured information to improve defenses through recommendations for the creation of detection logic.
* Lead investigations using multiple data/intelligence sources and tools to track down and profile cyber threat actors and activity.
* Search for security gaps by performing risk assessment, penetration testing, and identifying internal risks.
* Demonstrate technical security expertise in the security incident detection and response and offensive security field.
* Manage the response to complex and high severity security incidents. Responsible for taking decisions and identifying required actions. During high severity security incidents, you will advise the AXA XL CIO and CSO on appropriate containment, eradication, and remediation measures.
* Plan and remediate complex cyber security threats and incidents across the AXA XL IT estate without supervision.
* Drive the development of the SIEM security control environment. Represent AXA XL to AXA Group and other AXA organizations in the field of threat hunting.
* Mentor, coach and provide an escalation point for SOC analysts.
* Provide an after-hours point of escalation for critical incidents.
* Work with Global Technology, Information Security, Data Protection Office and IRM teams to align on and implement security incident detection and response processes.
* Understand and demonstrate the basic principles of digital forensics as it relates to incident detection and response.
* Develop SOC security incident policies and investigation procedures, for use across multiple information systems and teams, without supervision.
* Analyze, define, and manage the delivery of new SIEM rules through our managed security service provider. Create new custom detection rules using KQL.
* Manage the managed security service provider to tune existing rules.
* Manage and represent the Security Operations team on ethical hack exercises.
* Produce incident reports and post-incident improvement assessments.
* Produce reports for the CIO and CSO.
We’re looking for someone who has these abilities and skills:
* Microsoft security operations certifications.
* Security incident detection and response certification would be desirable.
* Good knowledge of the principles relating to DLP, IDS/IPS, Firewalls, Proxies, Identity Access Management, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management, etc.
* Knowledge of industry standards such as ISO 27001, HIPAA, FedRAMP, Cloud Security Alliance, NIST frameworks and risk methodologies.
* Understanding of threat landscapes and threat modelling, security threat and vulnerability management, and security monitoring.
* Awareness of tools and techniques used by attackers to gain entry into corporate networks, including common IT system flaws and vulnerabilities.
* Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences.
* Must take ownership of tasks and demonstrate a high degree of autonomy to ensure completion.
* Must be personable and foster good stakeholder and peer group working relationships.
Location
Location: GB-GB-Ipswich
Work Locations: GB Ipswich 2nd floor, Civic Drive
Job Field: IT
Schedule: Full-time
Job Type: Standard